Summary

Bot detection and mitigation (WE4.2 hCaptcha editing trial) in ConfirmEdit (CAPTCHA extension) now works with the VisualEditor interface after T406335: hCaptcha VisualEditor plugin: Display hCaptcha before first "Save changes" button press if possible. However, the code currently does not handle the case where a different sitekey is needed after the user submits their edit (such as in the case of a captcha AbuseFilter consequence)

Background

• AbuseFilter has a captcha consequence which forces the user to complete a captcha to submit the action
  • When hCaptcha is required for editing, this uses a hCaptcha challenge on edit actions
• This consequence can be configured to require a different site key for the action
  • This can be used to make the user always complete a visual challenge even if the user would not have to during a normal edit
• However, VisualEditor does not use the sitekey from the API response in this case
  • This means that the code will try to use the generic site key which causes a sitekey mismatch to fail the edit

Acceptance criteria

• When the AbuseFilter consequence is fired and uses a different sitekey than the normal edit one, the VisualEditor interface will allow the edit to succeed after the second attempt